angular防止xss攻击的示例:angular提供了一个DomSanitizer服务,提供的方法如下:export enum SecurityContext { NONE, html, STYLE, SCRIPT, URL, RESOU
angular提供了一个DomSanitizer服务,提供的方法如下:
export enum SecurityContext { NONE, html, STYLE, SCRIPT, URL, RESOURCE_URL }
export abstract class DomSanitizer implements Sanitizer {
// 过滤恶意代码,可设置过滤类型
abstract sanitize(context: SecurityContext, value: SafeValue|string|null): string|null;
// 跳过html的检查
abstract bypassSecurityTrustHtml(value: string): SafeHtml;
// 跳style的检查
abstract bypassSecurityTrustStyle(value: string): SafeStyle;
// 跳过script的检查
abstract bypassSecurityTrustScript(value: string): SafeScript;
// 跳过style的检查
abstract bypassSecurityTrustUrl(value: string): SafeUrl;
// 跳过url的检查
abstract bypassSecurityTrustResourceUrl(value: string): SafeResourceUrl;
}
应该该服务进行防止xss攻击,例如:
// html
An untrusted URL:
A trusted URL:
// js
import { DomSanitizer } from '@angular/platfORM-browser';
@Component({
...
})
export class DemoComponent {
constructor(private sanitizer: DomSanitizer) {
}
this.dangerousUrl = 'javascript:alert("Hi there")';
// 人为信任该url
this.trustedUrl = sanitizer.bypassSecurityTrustUrl(this.dangerousUrl);
}
--结束END--
本文标题: angular如何防止xss攻击
本文链接: https://www.lsjlt.com/news/116074.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-05-08
2024-05-08
2024-05-08
2024-05-08
2024-05-08
2024-05-08
2024-05-08
2024-05-08
2024-05-08
2024-05-08
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0